CompTIA Security+ SY0-601 – Question 250

An IT security manager requests a report on company information that is publicly available. The manager's
concern is that malicious actors will be able to access the data without engaging in active reconnaissance.
Which of the following is the MOST efficient approach to perform the analysis?

A. Provide a domain parameter to theHarvester tool.
B. Check public DNS entries using dnsenum.
C. Perform a Nessus vulnerability scan targeting a public company's IP.
D. Execute nmap using the options: scan all ports and sneaky mode.

Correct Answer: A

CompTIA Security+ SY0-601 – Question 249

An organization just implemented a new security system. Local laws state that citizens must be notified prior to
encountering the detection mechanism to deter malicious activities. Which of the following is being
implemented?

A. Proximity cards with guards
B. Fence with electricity
C. Drones with alarms
D. Motion sensors with signage

Correct Answer: D

CompTIA Security+ SY0-601 – Question 248

A security analyst in a SOC has been tasked with onboarding a new network into the SIEM. Which of the
following BEST describes the information that should feed into a SIEM solution in order to adequately support
an investigation?

A. Logs from each device type and security layer to provide correlation of events
B. Only firewall logs since that is where attackers will most likely try to breach the network
C. Email and web-browsing logs because user behavior is often the cause of security breaches
D. NetFlow because it is much more reliable to analyze than syslog and will be exportable from every device

Correct Answer: A

CompTIA Security+ SY0-601 – Question 247

While reviewing the wireless router, a systems administrator of a small business determines someone is spoofing the MAC address of an authorized device. Given the table below:

Which of the following should be the administrator's NEXT step to detect if there is a rogue system without
impacting availability?

A. Conduct a ping sweep.
B. Physically check each system.
C. Deny internet access to the "UNKNOWN" hostname.
D. Apply MAC filtering.

Correct Answer: B

CompTIA Security+ SY0-601 – Question 246

Server administrators want to configure a cloud solution so that computing memory and processor usage is
maximized most efficiently across a number of virtual servers. They also need to avoid potential
denial-of-service situations caused by availability. Which of the following should administrators configure to maximize
system availability while efficiently utilizing available computing power?

A. Dynamic resource allocation
B. High availability
C. Segmentation
D. Container security

Correct Answer: B

CompTIA Security+ SY0-601 – Question 245

A penetration tester is fuzzing an application to identify where the EIP of the stack is located in memory. Which
of the following attacks is the penetration tester planning to execute?

A. Race-condition
B. Pass-the-hash
C. Buffer overflow
D. XSS

Correct Answer: C

CompTIA Security+ SY0-601 – Question 244

During a recent incident, an external attacker was able to exploit an SMB vulnerability over the internet. Which
of the following action items should a security analyst perform FIRST to prevent this from occurring again?

A. Check for any recent SMB CVEs.
B. Install AV on the affected server.
C. Block unneeded TCP 445 connections.
D. Deploy a NIDS in the affected subnet.

Correct Answer: C

CompTIA Security+ SY0-601 – Question 243

A security engineer is concerned that the strategy for detection on endpoints is too heavily dependent on
previously defined attacks. The engineer would like a tool to monitor for changes to key files and network traffic
on the device. Which of the following tools BEST addresses both detection and prevention?

A. NIDS
B. HIPS
C. AV
D. NGFW

Correct Answer: B

CompTIA Security+ SY0-601 – Question 242

To reduce and limit software and infrastructure costs, the Chief Information Officer has requested to move
email services to the cloud. The cloud provider and the organization must have security controls to protect
sensitive data. Which of the following cloud services would BEST accommodate the request?

A. IaaS
B. PaaS
C. DaaS
D. SaaS

Correct Answer: D